-1

Please, my registration and activation link was working fine until now; it says "problem connecting" when the link to activate the account is clicked.

This is the related code of the registration file:

    {
        // generate random code
        $code = rand(11111111,99999999);

        // send activation email
        $to = $email;
        $subject = "Activate your account";
        $headers = "From: donotreply@reacheasy.co.uk";
        $body = " Hello $fullname,\n\nUsername $username,\n\n Password $password ,\n\nYou registered and need to activate your account,\n\nPlease keep this email safe as it contains your password . Click the link below or paste it into the URL bar of your browser\n\nhttp://reacheasy.co.uk/activate.php?code=$code\n\nThanks!";

And this is the activation file:

    <?php
    include 'include/global.php';

    $code = $_GET['code'];

    if (!$code)
        echo "No code supplied";
    else
    {
        $check = mysql_query("SELECT * FROM reusers WHERE code='$code' AND active='1'");
        //echo "SELECT * FROM users WHERE code='$code' AND active='1'";
        if (mysql_num_rows($check)==1)
            echo "You have already activated your account";
        else
        {
            $activate = mysql_query("UPDATE reusers SET active='1' WHERE code='$code'");
            echo "Your account has been activated!<a href='index.php'>Return to login page</a>";
        }

    }
    ?>

Please help, have a look. Thanks.

ade leye
  • Probably a problem with connecting to a database. Check your MySQL details. – Nikola K. Jul 08 '12 at 12:26
  • Where in your code has the sentence: "problem connecting"? – roev Jul 08 '12 at 12:28
  • Also ALWAYS sanitize - `$code = intval( $_GET['code'] );` Otherwise we can drop your DB anytime ;-) – Zoltan Toth Jul 08 '12 at 12:28
  • Please note that this is wide open to SQL injection attacks, and although an attacker could do probably only minimal damage with this particular script, I suspect the rest of your application is equally and possibly more dangerously vulnerable. At a _minimum_ you MUST call `mysql_real_escape_string()` on `$code`. `$code = mysql_real_escape_string($_GET['code']);` – Michael Berkowski Jul 08 '12 at 12:29
  • I would also recommend using a more complex string than a simple random integer. It is trivial (albeit not of much use) for someone to write a script that sends HTTP requests incrementally and activates all your users' accounts. – Michael Berkowski Jul 08 '12 at 12:31
  • @NikolaK. I checked the database; the constants for the database are correct – ade leye Jul 08 '12 at 12:32
  • @Michael and Zoltan thanks, I would work more on the secure side; any link to read up on would be appreciated as well – ade leye Jul 08 '12 at 12:37
  • @adeleye Use `die("debug")` to debug the code. Which line are you getting this error? – roev Jul 08 '12 at 12:39
  • @adeleye See [this reference question](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) and read [this wikipedia article](http://en.wikipedia.org/wiki/Sql_injection) to understand the danger. – Michael Berkowski Jul 08 '12 at 12:40
  • @NikolaK. I HAVE SPOTTED IT, IT WAS THE PASSWORD WORD IN THE GLOBAL FILE, THANKS – ade leye Jul 08 '12 at 12:44
  • Next you should work on getting that caps lock key fixed... – JJJ Jul 08 '12 at 12:56

1 Answer

0

Check global.php and make sure you can connect. Call or mysql_error() at the end of mysql_connect()

user1202278
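
The two hardening points raised in the comments on the question (bind the code as a query parameter, and use an unguessable code instead of an 8-digit integer), as an added example that is not part of the original thread. It assumes PDO with the SQLite driver so that it runs offline, and a reduced `reusers` table; `newActivationCode()` and `activate()` are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with the SQLite driver
// (in-memory, so it runs offline; the real site would use a mysql: DSN) and a
// `reusers` table reduced to username/code/active. The user row is constructed.

// 128-bit token from the CSPRNG instead of rand(11111111, 99999999).
function newActivationCode(): string
{
    return bin2hex(random_bytes(16));
}

// Returns 'invalid', 'already' or 'activated'. The code is only ever bound as
// a parameter, so its content cannot change the SQL statement.
function activate(PDO $db, $code): string
{
    // $_GET values can be arrays; accept only a 32-character hex string.
    if (!is_string($code) || !preg_match('/\A[0-9a-f]{32}\z/', $code)) {
        return 'invalid';
    }
    $find = $db->prepare('SELECT active FROM reusers WHERE code = ?');
    $find->execute([$code]);
    $active = $find->fetchColumn();
    if ($active === false) {
        return 'invalid';   // unknown code: nothing is updated
    }
    if ((int) $active === 1) {
        return 'already';
    }
    $upd = $db->prepare('UPDATE reusers SET active = 1 WHERE code = ? AND active = 0');
    $upd->execute([$code]);
    return $upd->rowCount() === 1 ? 'activated' : 'already';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reusers (username TEXT, code TEXT UNIQUE, active INTEGER DEFAULT 0)');

$code = newActivationCode();
$db->prepare('INSERT INTO reusers (username, code) VALUES (?, ?)')
   ->execute(['alice', $code]);                 // constructed sample user

echo activate($db, $code), "\n";                // first click on the link
echo activate($db, $code), "\n";                // same link clicked again
echo activate($db, "x' OR '1'='1"), "\n";       // malformed value is rejected
echo activate($db, ['not', 'a', 'string']), "\n"; // ?code[]=... style input
```

With `PDO::ERRMODE_EXCEPTION` set, a failed connection or query raises an exception with the driver's message instead of failing silently, which is the check the answer above asks for.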